1 results (0.003 seconds)

CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0

Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression. Hawk en versiones anteriores a 3.1.3 y 4.x en versiones anteriores a 4.1.1 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o interrupción parcial ) a través de una (1) cabecera o (2) URI larga que coincide contra una expresión regular incorrecta. • http://www.openwall.com/lists/oss-security/2016/02/20/1 http://www.openwall.com/lists/oss-security/2016/02/20/2 https://bugzilla.redhat.com/show_bug.cgi?id=1309721 https://github.com/hueniverse/hawk/commit/0833f99ba64558525995a7e21d4093da1f3e15fa https://github.com/hueniverse/hawk/issues/168 https://nodesecurity.io/advisories/77 • CWE-399: Resource Management Errors •